Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/roles/common/molecule/default/group_vars/parameters-optional.yml - annotation
8d272d91d3d2
1.8 KiB
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 ca784c26d35c ca784c26d35c 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 64e43cff4f29 7b004fce5c8b 7b004fce5c8b 7b004fce5c8b 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 6b8b1d4c9061 | ---
enable_backup: true
apt_proxy: "http://10.31.127.2:3142/"
os_users:
- name: user1
- name: user2
uid: 2001
additional_groups:
- group1
- group2
authorized_keys:
- "{{ lookup('file', 'tests/data/ssh/clientkey1.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/clientkey2.pub') }}"
# Password is 'user2'.
password: "$6$wdXOQiMe09ugh0$VRIph2XA2QQyEYlAlH7zT4TPACDUalf/4FKpqG9JRHfKxANTcTug2ANCt450htcs0LikJfHLWofLP54jraFU61"
- name: user3
uid: 2002
additional_groups:
- group3
authorized_keys:
- "{{ lookup('file', 'tests/data/ssh/clientkey3.pub') }}"
# Password is 'user3'.
password: "$6$nmx.21uLqT$9LrUqNUgUwIM.l0KFKgr2.kDEwe2lo7IbBIhnG70AGW7GTFdWBUFnGAxH15YxikTXhDJD/uxd.NNgojEOjRvx1"
os_groups:
- name: group1
- name: group2
gid: 3001
- name: group3
gid: 3002
common_packages:
- units
- gnutls-bin
- emacs24-nox
ca_certificates:
cacert1: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
cacert2: "{{ lookup('file', 'tests/data/x509/ca/level2.cert.pem') }}"
extra_backup_patterns:
- /home/user1
- /home/user2
incoming_connection_limit: 5/second
incoming_connection_limit_burst: 5
pipreqcheck_uid: 2500
pipreqcheck_gid: 2500
prompt_colour: cyan
prompt_id: test
# Purposefully set this to 3 servers to make sure we are
# overriding the default configuration.
ntp_servers:
- "0.debian.pool.ntp.org"
- "1.debian.pool.ntp.org"
- "2.debian.pool.ntp.org"
maintenance: true
maintenance_allowed_hosts:
- client1
# From backup_client role meta dependency.
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/backup_encryption_key') }}"
backup_server: backup-server
backup_server_host_ssh_public_keys:
- bougs-backup-server-key-1
- bougs-backup-server-key-2
backup_ssh_key: "bogus-backup-client-key"
|